ASSESSMENT ANALYST JOB DESCRIPTION

From vulnerability scanning and STIG validation to R Shiny development and joint campaign assessments, these Assessment Analyst JDs cover the full scope of the field.

Assessment Analyst Job Description Template

1. About the Role

Across federal defense and national laboratory environments, security and operational frameworks carry significant accountability: when assessment cycles slip or vulnerability findings go unresolved, Systems Impact Assessments stall, POA&Ms accumulate unchecked, and Combatant Command planning loses analytical grounding. The Assessment Analyst exists precisely to prevent that failure state. Operating within government contractor and agency settings governed by DoD 8570 and RMF compliance requirements, this role owns the full arc of technical evaluation, from running ACAS and SCAP scans to synthesizing warfighting data into executive-level findings. Clearance-required and stakeholder-intensive by nature, it demands equal fluency in technical rigor and senior-leader communication.

2. Position Summary

The mandate of the Assessment Analyst is to ensure that information systems, security controls, and operational programs meet federally mandated compliance standards and deliver defensible, data-driven findings to mission-critical stakeholders. Analysts in this role operate across government and defense contractor environments, supporting system owners, Combatant Command staffs, or national laboratory security offices depending on program assignment.

3. Why Join Us

Career Impact: Consistent work at the DoD 8570 IAT Level II threshold and above establishes a documented compliance record that directly expands eligibility for senior ISSO, Security Control Assessor, and IA program management roles across federal agencies.

Business Impact: System owners, Combatant Command planners, and program managers rely on the analyst's findings to determine whether systems receive authorization to operate; a delayed or inaccurate assessment can halt mission-critical programs.

Growth Opportunity: Exposure to both technical vulnerability analysis and operational warfighting assessments builds dual competency rarely combined in a single role, accelerating the path toward ORSA, senior analyst, or program lead positions at the O-5-equivalent or GS-13/14 level.

4. Key Responsibilities

  • Manage System Impact Assessments for assigned programs, coordinating with system owners and project managers to meet Information Assurance documentation requirements.
  • Conduct ACAS, SCAP, and manual STIG validation scans to identify open vulnerabilities requiring remediation before system authorization.
  • Analyze vulnerability scan outputs to prioritize critical findings and advise system owners on closure, mitigation, or POA&M submission pathways.
  • Develop and maintain Plans of Action and Milestones for all assigned assessments through program lifecycle, ensuring accurate tracking and timely resolution.
  • Review network diagrams and submit firewall change requests in support of system boundary documentation.
  • Perform operational warfighting and capability assessments by applying qualitative and quantitative analytical techniques to joint planning products.
  • Coordinate with DoD partners, Joint Staff, coalition, and interagency stakeholders to consolidate assessment inputs and deliver integrated findings.
  • Brief senior military and civilian leaders on assessment results, including findings on complex, sensitive, or operationally significant programs.

5. Required Qualifications

  • Bachelor's degree in Information Security, Information Systems, Computer Science, or a related field, or equivalent work experience.
  • 3 or more years of security assessment, vulnerability analysis, or operational analysis experience, with exposure to federal compliance frameworks.
  • Active DoD Secret clearance or higher, with eligibility to maintain clearance throughout the engagement.
  • DoD 8570 compliant certification at IAT Level II or equivalent, such as Security+ CE, before start date.
  • Demonstrated ability to conduct STIG validation, interpret vulnerability scan outputs, and recommend remediation strategies aligned with federal guidance.
  • Strong written and verbal communication skills, including the ability to prepare findings and briefings for senior leadership.
  • Analytical proficiency in evaluating security controls, identifying risk posture gaps, and supporting corrective action planning.
  • Familiarity with POA&M creation, tracking, and lifecycle management within a federal or DoD compliance environment.

6. Preferred Qualifications

  • TS/SCI clearance or eligibility, supporting higher-visibility Combatant Command or Joint Staff assignments.
  • Experience with Command Cyber Readiness Inspection scoring processes and DOE- or RMF-aligned risk management approaches.
  • Background in operations research, systems analysis, or quantitative methodology applied to joint or campaign-level military assessments.
  • Master's degree in Operations Research, Information Assurance, or a closely related quantitative field.

7. Success Metrics & Environment

  • SIA completion rate per quarter, measuring throughput against program assessment deadlines.
  • POA&M closure percentage within scheduled remediation windows, reflecting follow-through on vulnerability findings.
  • CCRI scoring outcomes for systems under assessment, indicating compliance posture relative to DoD inspection standards.
  • Mean days from scan execution to remediation recommendation, measuring analytical cycle time on vulnerability findings.
  • Percentage of STIG findings resolved before system authorization, tracking pre-ATO closure discipline.
  • Typical tools: vulnerability scanning platforms (commonly Nessus/ACAS, SCAP Compliance Checker); documentation and task management (commonly SharePoint, task management tools per command).

8. Compensation & Benefits (US Market Benchmark)

  • Base Salary Range: $85,000 to $115,000 annually, varying by clearance level and location
  • Bonus: Annual performance bonus, typically 5% to 10% of base salary
  • Equity: Not standard; government contractor roles rarely include equity
  • Health Benefits: Medical, dental, and vision; standard federal contractor coverage
  • PTO: 15 to 20 days annually, plus federal holidays
  • Common Perks: Clearance sponsorship, continuing education reimbursement, certification support for DoD 8570 compliance


Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.

9. EEO & Legal

Employment is contingent on successful completion of a background investigation and verification of the required security clearance. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other characteristic protected under applicable federal, state, and local law. Applicants requiring a reasonable accommodation to participate in the hiring process are encouraged to submit a request. Candidates must be authorized to work in the United States.

Assessment Analyst Job Description Examples

1. Assessment Analyst (Information Assurance)

The Assessment Analyst owns the full lifecycle of System Impact Assessments across multiple projects, running ACAS and SCAP scans, validating STIG checklists, and coordinating with system owners to close or mitigate open vulnerabilities. Working under DoD and Air Force guidance, this role delivers remediation recommendations, maintains POA&Ms, and produces the security documentation that keeps systems compliant throughout each project lifecycle.


Key Responsibilities

  • Manage multiple System Impact Assessments across various projects, working directly with system owners and Project Managers to ensure all Information Assurance checks have been completed and required documentation and artifacts have been presented.
  • Run and review ACAS scans, SCAP scans, and manually validate STIG checklists.
  • Analyze vulnerability scan, SCAP scan, and STIG checklist results to determine critical open vulnerabilities requiring remediation before approving the SIA.
  • Work with system owners to determine whether open vulnerabilities can be closed, mitigated, or require a POA&M submission.
  • Identify impacts and consider existing risk mitigation strategies, working with the system POC to close or mitigate vulnerabilities.
  • Provide remediation recommendations to system owners based on DoD and AF guidance and directives.
  • Review and update network diagrams and submit firewall change requests.
  • Complete security control validation and self-assessment of a system or network to address known threats and vulnerabilities.
  • Run pre- and post-MKRunTest software evaluation scans and analyze results to determine whether the software presents new vulnerabilities requiring remediation.
  • Create SIA memorandums and supporting documentation.
  • Create and maintain Standard Operating Procedures (SOPs) and Work Instructions (WIs).
  • Create and track Plans of Action & Milestones (POA&Ms) for all System Impact Assessments throughout the project lifecycle.


Required Qualifications

  • Bachelor's degree in Information Security, Information Systems, or a related discipline with 8+ years of direct experience.
  • Master's degree with 6+ years of experience; additional relevant specialized training and experience may be substituted instead of a degree.
  • Current DoD 8570-compliant certification for IAT Level II (e.g., Security+ with CE) required before start.
  • Active DoD Secret clearance or higher required.
  • Experience with Nessus scanning and reading vulnerability details from the tool.
  • Experience with the validation of Security Technical Implementation Guides (STIGs) for all products.
  • System administration background.
  • Experience with Command Cyber Readiness Inspection (CCRI) scoring.
  • Expert in evaluating security controls and compliance across a variety of hardware and software systems.
  • Strong written communication skills to coordinate issues and concerns with the team.
  • Strong analytical and problem-solving skills.
  • Ability to work effectively both independently and within a team environment.

2. Assessment Analyst (Joint Operations & ORSA)

Embedded within the USCENTCOM Joint Operations Planning and Assessments function, the Assessment Analyst leads operational assessments and provides critical review for major programs, campaigns, and operations with national or international impact. Working closely with Operational Planning Teams, Crisis Action Teams, and staff members, the Assessment Analyst coaches assessment practices, develops data collection management plans, and delivers executive-level analysis that informs joint and DoD-wide assessments doctrine.


Core Functions

  • Provide assessment support for joint campaigns, operations, strategy, and planning.
  • Participate in joint planning and mission analysis activities to examine a mission and ensure measurable and achievable end states, objectives, desired effects, and tasks are developed.
  • Develop, analyze, and compare alternative courses of action (COAs) and select the best COA to produce a plan or order.
  • Lead operation assessments and provide critical and logical review for major programs, campaigns, and operations with national or international impact involving complex, controversial, or sensitive issues.
  • Coach, teach, and mentor staff members on assessment practices and best practices, supporting the planning and execution of exercises to reinforce proficiency.
  • Support Operational Planning Teams (OPTs), Crisis Action Teams (CATs), and other assigned boards and working groups.
  • Review and provide detailed comments on plans, orders, and strategic planning documents.
  • Document working group results, conferences, IPRs, and other milestone activities.
  • Provide technical expertise to assist in implementing initiatives that improve DoD-wide Joint and Service assessments doctrine and support the DoD Assessment Community of Interest (ACOI).
  • Create data management tools, develop and manage data collection management plans (DCMPs), and develop tools, methods, and processes for data collection and analysis.
  • Use, modify, and tailor assessment tools, including Command and Control of the Information Environment (C2IE).
  • Verify and validate data for accuracy to ensure precise analysis results.
  • Provide input and consolidate feedback on past, current, and future activities for the CCJ5, including weekly and quarterly updates and executive summaries for leadership.


Qualifications & Experience

  • Master's degree in Operations Research or a related field.
  • 5 years of assessment experience.
  • 2 years of operational assessment and Operations Research experience at a Combatant Command or equivalent at the O-5 level or higher.
  • Experience conducting analysis using a variety of Operations Research techniques and tools, working independently or leading a small team.
  • Ability to develop and support new analytic capabilities and integrate analytical applications and Microsoft applications to support assessments.
  • Ability to communicate and prepare correspondence and presentations at the senior executive level.
  • Solid decision-making, problem-solving, and workload management skills.
  • Ability to multi-task under tight deadlines and adapt quickly to changing environments.

3. Assessment Analyst (Vulnerability Assessment & Cybersecurity)

Reporting to the Cybersecurity organization, the Assessment Analyst performs internal and external assessments and audits of Information Technology, Managed Services, and Software as a Service systems to identify security gaps and strengthen controls. Partnering with software developers and database administrators, this role delivers application scanning plans, written remediation reports, and hands-on guidance that builds secure development practices in line with Department of Energy cybersecurity requirements.


Primary Duties

  • Perform internal and external assessments and audits of Information Technology, Managed Services, Software as a Service, and all other services.
  • Assess system security protection measures and maintain documentation for applicable systems.
  • Make recommendations for improvements in cybersecurity controls.
  • Develop and maintain an application scanning plan.
  • Produce written reports summarizing application scanning activities and containing recommendations for improvement.
  • Develop skill sets to maintain the technology toolset and represent the Cybersecurity organization in gaining knowledge of secure application techniques and development.
  • Work closely with software developers and database administrators to provide guidance, training, and tools for developing secure code, protecting information, and ensuring security is built into applications and systems.


Education & Experience

  • Bachelor's degree or higher in Computer Science, Computer Security, Information Technology, or a related science or engineering field, including electrical or computer engineering, mathematics, or physics.
  • Associate's degree with 4+ years of relevant experience is accepted at Level 1, and a Bachelor's degree with 2 years or an advanced degree with 1 year of relevant experience is required at Level 2.
  • Experience working with distributed team members and commitment to thorough documentation and communication.
  • Knowledge of cyber threats and vulnerabilities, application vulnerabilities, cybersecurity and privacy principles, and programming language structures and logic.
  • Knowledge of Federal cybersecurity regulatory requirements pertinent to the Department of Energy, including DOE Cyber Security controls and requirements.
  • Technical proficiency in developing cybersecurity policies and procedures, with the ability to audit information systems with an emphasis on cybersecurity controls per the DOE Risk Management Approach.
  • Strong computer skills, including MS Word, Excel, and PowerPoint.
  • Strong analytical, problem-solving, communication, interpersonal, and presentation skills.

4. Assessment Analyst (Operational Warfighting Analysis)

Sitting at the intersection of joint warfighting analysis and military capability development, the Assessment Analyst supports the Joint Staff, multiple Combatant Commands, and coalition partners by performing operational analysis that shapes policy on experimentation, capability development, and force design. Operating across concept development, data synthesis, and written reporting, this role delivers key insights and implications that inform Joint force development and strategic decision-making at the executive level.


Strategic Responsibilities

  • Support joint warfighting and military capability development for the Joint Staff, multiple Combatant Commands, Services, and coalition partners.
  • Perform operational warfighting analysis supporting the development and assessment of the effectiveness, viability, and robustness of emergent joint concepts that shape policy on experimentation, capability development, and force design.
  • Develop and refine data collection and analysis methodologies to ensure all assessment data collected is of sufficient quantity, quality, and relevancy to meet objectives.
  • Coordinate with experiment, exercise planning, and data management teams on incorporating analysis methodologies and requirements into data management and analysis plans (DMAPs).
  • Apply soft operational analysis techniques to collect, analyze, and synthesize qualitative information to support judgement analysis in concept development, Joint force development, and design.
  • Perform data synthesis to develop key insights and implications in the form of written reports and summary presentations.


Skills & Qualifications

  • Master's degree required.
  • TS/SCI clearance required.
  • 15+ years of experience supporting military organizations.
  • 5+ years of experience performing quantitative, qualitative, and data science analysis using analytic techniques and methodologies.
  • Experience working complex warfighting problems in the Indo-Pacific or Eurasia region, including tactical, operational, and campaign-level analysis.
  • Experience working warfighting requirements, including integrated priority lists, defense planning, programming, budgeting and execution processes, and Joint Requirements Oversight Council processes.
  • Experience with concept development and assessing the implications and contributions of new programmatic and modernization efforts.
  • Knowledge of mathematics, statistical, and engineering methods for solving complex problems, as well as Joint Staff and Combatant Command processes and procedures.
  • Ability to display critical thinking to examine gaps within a warfighting campaign and develop actionable solution recommendations.
  • Ability to write and communicate at the executive level.

5. Assessment Analyst (Health Technology Assessment & R Programming)

A key member of the Health Technology Assessment Analytics team, the Assessment Analyst leads the building of R Shiny tools and delivers statistical outputs including network meta-analysis, survival analysis, and health-state utilities for HTA submissions globally. Collaborating across a high-pressure global matrix environment with multiple stakeholders, this role shapes analytical standards and serves as the primary point of contact for R-based guidance and training that improve team efficiencies and support strategic access and reimbursement decisions.


Duties

  • Provide R programming support to the Health Technology Assessment Analytics team.
  • Lead the building of R Shiny tools to support team activities.
  • Build new R Shiny tools and help establish standards to improve efficiencies within the team.
  • Build new, modify existing, or review and reproduce statistical deliverables, including network meta-analysis, survival analysis, and health-state utilities, along with associated programming code for use in HTA submissions globally.
  • Act as a primary point of contact for training, guidance, advice, and support on R-based deliverables.
  • Execute sales policies and practices.


Experience & Qualifications

  • MSc, MPhil, or PhD (preferred) in Statistics, Biostatistics, Mathematics, or a related quantitative field.
  • 3+ years of programming experience within the pharmaceutical industry.
  • Expert knowledge of the R analysis platform, including demonstrated experience building R Shiny applications.
  • Knowledge of HTA-relevant statistical methodologies, including indirect treatment comparisons, survival analysis, and utility estimation.
  • Good understanding of clinical trial design and analysis, data management, and clinical concepts applied to drug development within the pharmaceutical industry.
  • Understanding of health economic and outcomes research, including patient-reported outcomes, evidence synthesis, economic modelling, and budget impact analysis.
  • Ability to work proactively and independently in a high-pressure, global matrix environment with multiple stakeholders.

Editorial Process and Content Quality

This content is developed by the Lamwork Editorial Team using structured analysis of real-world job data, skill requirements, and hiring patterns.

Research framework by Lam Nguyen, Founder & Editorial Lead.

Reviewed by Thanh Huyen, Managing Editor.
